from rest_framework import permissions


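class CanUpdateAppointment(permissions.BasePermission):
    """Authorise appointment updates by field-level role and by ownership.

    Request level: superusers always pass. Otherwise each restricted field
    present in ``request.data`` requires the matching user flag
    (``checked_in`` -> ``is_client``, ``access_granted`` -> ``is_provider``).
    Requests that carry no restricted field pass this check.

    Object level: superusers always pass; otherwise the user must be the
    appointment's creator or its client.

    NOTE(review): this class does not itself require authentication at the
    request level. It is presumably combined with ``IsAuthenticated`` on the
    view; confirm.
    """

    # Restricted payload field -> user attribute that must be truthy to set it.
    _FIELD_ROLE_FLAGS = (
        ('checked_in', 'is_client'),
        ('access_granted', 'is_provider'),
    )

    def has_permission(self, request, view):
        """Return True if the user may submit the fields found in the payload.

        Every restricted field is checked independently. Stopping at the first
        match would let a client who sends both ``checked_in`` and
        ``access_granted`` change the provider-only field as well.
        """
        user = request.user
        if user.is_superuser:
            return True

        # getattr default: a user object without the role flag (for example
        # Django's AnonymousUser) is denied instead of raising AttributeError.
        # all() over no restricted fields is True, so other updates still pass.
        return all(
            getattr(user, role_flag, False)
            for field, role_flag in self._FIELD_ROLE_FLAGS
            if field in request.data
        )

    def has_object_permission(self, request, view, obj):
        """Return True if the user is a superuser, the creator or the client."""
        user = request.user
        if user.is_superuser:
            return True

        # AnonymousUser.pk is None, so an appointment whose created_by_id or
        # client_id is unset would otherwise match an unauthenticated caller.
        if user.pk is None:
            return False

        return user.pk in (obj.created_by_id, obj.client_id)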


